Course Description

Defensive programming is an approach to programming that attempts to ensure that software still functions under adverse or unforeseen circumstances. In this course, you'll learn how to defend against injection attacks, including SQL, XML, LDAP, and code injection attacks. You'll also learn how to handle concurrency.

Learning Objectives

Working with Data

identify why unsanitized data should not be logged in Java programs

identify why unsanitized data should be excluded from format strings

identify the issues that can occur when handling ZIP and GZIP files in Java

identify how to use input validation in a Java application

identify how to protect regular expressions against regex injection attacks

Defending against Attacks

identify how to prevent SQL injection attacks in Java

identify how to prevent code injections in Java

set up a local LDAP server, create a connection, and populate the server with directory entries

identify how to prevent LDAP injection in Java

identify how to prevent XPath injections in Java

identify how to prevent XML injection attacks in Java

identify how to protect against XML entity expansion attacks in Java

list the potential problems that path traversal may cause and recognize how to prevent them in Java

use defensive programming techniques to defend against attacks in Java programs

Framework Connections

The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below.